<?php
session_start();
ob_start();
////////////////////////
$error = '';
if ($_POST['submitted'] != '') {
    $validate = true;
    if(empty($_POST['username']))
    {
        $error = ("UserName is empty!");
        $validate = false;
    } else if(empty($_POST['password'])) {
        $error = ("Password is empty!");
        $validate = false;
    }

    if ($validate) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        if(!CheckLoginInDB($username,$password))
        {
            $error = "sai username or mat khau !";
        } else {
            $_SESSION['username'] = 'admin';
            session_regenerate_id(true);
            header("Location:index.php");
            session_write_close();
            exit;
        }
    }
}
function CheckLoginInDB($username,$password) {
    if ($username = "a@dmin" && $password == "!@#$%^") {
        return true;
    } else {
        false;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>

<body>
<form id='login' action='' method='post' accept-charset='UTF-8'>
<?php echo $error;?>
<fieldset >
<legend>Login</legend>
<input type='hidden' name='submitted' id='submitted' value='1'/>
 
<label for='username' >UserName*:</label>
<input type='text' name='username' id='username'  maxlength="50" />
 
<label for='password' >Password*:</label>
<input type='password' name='password' id='password' maxlength="50" />
 
<input type='submit' name='submit' value='Submit' />
 
</fieldset>
</form>
</body>
</html>